paxmiami.blogg.se - Sap installation with user different than root

rw- /usr/sap/NPL/D00/log/sapccm4x/logsave.bin rw- /usr/sap/NPL/D00/log/sapccm4x/sapstartsrv_ccms.log rw- /usr/sap/NPL/D00/log/sapccm4x/sapccmsr.ini rw- /usr/sap/NPL/D00/log/sapccm4x/oscolfilter.ini

rw- /usr/sap/NPL/D00/log/sapccm4x/agent.lock With this parameter set to 077 the following files are created with adjusted permissions: -rw- /usr/sap/NPL/D00/log/ALMTTREE So some of the files mentioned below are packaged with -rw-r-– but after the first restart and logrotation they geht er-created with -rw-r–r–. One should consider to adjust the parameter since statistic files may contain sensible data.įun fact: the Developer Edition seems to be packaged with stricter settings than applied when running. So this parameter affects indeed only the statistic files. With this parameter set to 077 the following files are created with adjusted permissions: -rw- /usr/sap/NPL/D00/data/stat*

Export a listing of all files and folders in /usr/sap/$SAPSYSTEMNAME/.

Logon with SAPgui, perform some actions.

Set one of the relevant parameters to 077 and start the system.

umask = 077 (removes all permissions for group and others)įor my testing i decided to use umask = 077.

umask = 027 (as above and additionally remove write permissions for group).

umask = 007 (removes all permissions for others).

Since NW AS ABAP Developer edition comes with an easy installer where just a running system gets extracted, i had to cleanup some directories: stopsap ALL Therefor i set up openSUSE Leap 15.1 with NW AS ABAP 7.52 SP 04 Developer Edition on Sybase on top in my virtualbox as my test system.

Since these parameters aren’t very well documented i had to analyze their impact in detail.Īs a disclaimer, in real life scenarios there may other files be affected additionally to the ones mentioned here, for example files created with ABAP routines (e.g., files in the transport directory), SPOOL stored on the filesystem or job logs. Besides setting the umask on user level there are also several parameters in NW AS ABAP which deal with umask for different files created during startup and runtime. The SAP NetWeaver Security Guide talks in the Linux/Unix section a little bit about umask but doesn’t recommend any specific value. If a process is creating files it uses typically the umask set for the user which started the process. In Unix the permissions a file is created with are typically controlled by the so called umask. Recently i had to deal with default file permissions for files created by NW AS ABAP.